Hi, I have done a very stupid thing, against all the advice I give to other people. I have opened an attachment containing a malicious macro! The email and attachment looked similar to invoices I receive, so I scanned it for viruses, which came up clean, and then opened it. It opened in MS Word protected mode, but then I did a silly thing and clicked on Edit! I just had a blank page in protected mode and in edit mode, so I'm not sure if I have compromised my system. The macro allegedly downloads Trojans to steal passwords, banking details, etc.

My questions are:
1. Would I have infected my system, given that the page was blank?
2. I have not visited or logged on to any financial institution since I opened this file, so would any of my banking stuff have been compromised?
3. I have repartitioned the boot drive and reloaded Windows 10 fresh, so would that have got rid of any virus?

Thanks
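As an added example (not code from this thread, nor from any product mentioned in it): a short Python script that inspects an Office Open XML attachment (.docx, .docm, .xlsm and similar) for an embedded VBA project without opening it in Word. Whether the document shows a blank page says nothing about whether a macro is present, so this is the check worth making before enabling editing. The two sample containers it builds in memory are constructed for demonstration only; check_for_macros() takes the path of a real file.

```python
"""Check an Office Open XML container for an embedded VBA macro project.

Added example, not from the forum thread. The sample files built by
build_sample() are constructed stand-ins so the script runs offline.
"""
import io
import zipfile

# Part name Word uses for a VBA project (Excel/PowerPoint use xl/ and ppt/)
MACRO_PART = "word/vbaProject.bin"
# Content type declared for a VBA project part in [Content_Types].xml
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def inspect_ooxml(data: bytes) -> dict:
    """Return findings about an OOXML container held in memory."""
    findings = {"is_zip": False, "macro_parts": [], "content_type_declares_vba": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Legacy binary .doc/.xls (OLE2) or not an Office file at all;
        # those need a different parser, so report nothing rather than guess.
        return findings
    findings["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Any vbaProject.bin part, whichever application wrote the file
        findings["macro_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if "[Content_Types].xml" in names:
            ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            findings["content_type_declares_vba"] = MACRO_CONTENT_TYPE in ct
    return findings


def has_macros(data: bytes) -> bool:
    """True if either the part listing or the content types reveal a VBA project."""
    f = inspect_ooxml(data)
    return bool(f["macro_parts"]) or f["content_type_declares_vba"]


def check_for_macros(path: str) -> bool:
    """Convenience wrapper for a file on disk (a saved attachment, say)."""
    with open(path, "rb") as fh:
        return has_macros(fh.read())


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like container for demonstration only."""
    buf = io.BytesIO()
    ct = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
        '<Default Extension="xml" ContentType="application/xml"/>',
    ]
    if with_macro:
        ct.append(f'<Override PartName="/{MACRO_PART}" ContentType="{MACRO_CONTENT_TYPE}"/>')
    ct.append("</Types>")
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "\n".join(ct))
        zf.writestr("word/document.xml", "<w:document/>")  # a blank page, as in the post
        if with_macro:
            zf.writestr(MACRO_PART, b"\x00" * 16)  # placeholder bytes, not a real project
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("plain", build_sample(False)), ("macro", build_sample(True))):
        print(label, has_macros(blob), inspect_ooxml(blob))
```

A positive result only means the file carries a VBA project, not that it is malicious; it is the signal to keep the file out of Word and look at it in an isolated environment instead. Legacy binary .doc and .xls files are OLE2 compound files rather than zip containers, so this script reports nothing for them; a dedicated tool such as olevba from the oletools project handles both formats.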

dandl (Lexa, AR) | Member | Forum Posts: 533 | Member Since: April 29, 2013 | Post #2 | January 23, 2016 - 1:19 pm

Not sure if I would have reloaded W10, but if you did this and you reloaded W10 with the "do not save anything" option, then this should have taken care of the problem. If you are using Windows Defender, then you might consider doing a complete scan instead of the quick scan; it takes longer, but it will scan a lot more files. You might also consider running a Malwarebytes or SuperAnti malware scan.

Pauly | Member | Forum Posts: 3 | Member Since: January 23, 2016 | Post #3 | January 23, 2016 - 3:33 pm

Thanks for your reply Dandl.

Once I had realised what I had done, I did a full scan with Sophos Home, which was clear, then, as you suggest, Malwarebytes, which came up clean, and then SuperAnti malware, which just showed up a bunch of cookies. Then paranoia took over and I repartitioned the boot drive and reinstalled Windows without saving anything (none of my data is on the boot drive). I have since done a full scan with Defender and Malwarebytes on the boot drive and data drive, which came up clean, so hopefully I have a clean base.

I have changed all my banking PINs and passwords from my iPad and will probably change all my other passwords as well; overkill maybe, but I deserve it for my stupidity.

Am I correct in thinking that, even if my system was infected, if I didn't access my online banking or open any files with sensitive info, my accounts wouldn't be compromised?

Jim Hillier | Admin | Forum Posts: 2506 | Member Since: August 9, 2011 | Post #4 | January 23, 2016 - 3:48 pm

Hi Pauly. As long as you didn't have any information about your banking details saved on the computer and didn't access or log in to your online bank, you should be fine.

You did the right thing clean installing. The common type of infection delivered via malicious attachments is the Trojan, which is one of the more invasive types of malware.

"I have changed all my banking PINs and passwords from my iPad and will probably change all my other passwords as well."

Good move, and I would definitely change all passwords. In this situation, there is no such thing as overly cautious.

Pauly | Member | Forum Posts: 3 | Member Since: January 23, 2016 | Post #5 | January 23, 2016 - 5:27 pm

Hi Jim, thanks for your reply, much appreciated.

Just realised I have got bank statements and account numbers stored on the data disk, no passwords though. How do these Trojans work? Do they sit there and monitor your activity?

Great website, by the way; I always look forward to your articles.

Claw | Member | Forum Posts: 86 | Member Since: July 11, 2012 | Post #6 | January 24, 2016 - 1:44 pm

Hey Pauly, I'm far from an expert, but a lot of Trojans plant themselves in your system and go about their business. Some have the ability to take control of your computer; others are designed to steal information by capturing keystrokes. Examples:

Backdoor
A backdoor Trojan gives malicious users remote control over the infected computer. They enable the author to do anything they wish on the infected computer – including sending, receiving, launching, and deleting files, displaying data, and rebooting the computer. Backdoor Trojans are often used to unite a group of victim computers to form a botnet or zombie network that can be used for criminal purposes.

Exploit
Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer.

Rootkit
Rootkits are designed to conceal certain objects or activities in your system. Often their main purpose is to prevent malicious programs being detected – in order to extend the period in which programs can run on an infected computer.

Trojan-DDoS
These programs conduct DoS (Denial of Service) attacks against a targeted web address. By sending multiple requests – from your computer and several other infected computers – the attack can overwhelm the target address… leading to a denial of service.

Trojan-Downloader
Trojan-Downloaders can download and install new versions of malicious programs onto your computer – including Trojans and adware.

Trojan-Dropper
These programs are used by hackers in order to install Trojans and/or viruses – or to prevent the detection of malicious programs. Not all antivirus programs are capable of scanning all of the components inside this type of Trojan.

Trojan-FakeAV
Trojan-FakeAV programs simulate the activity of antivirus software. They are designed to extort money from you – in return for the detection and removal of threats… even though the threats that they report are actually non-existent.

Trojan-GameThief
This type of program steals user account information from online gamers.

Trojan-Ransom
This type of Trojan can modify data on your computer – so that your computer doesn’t run correctly or you can no longer use specific data. The criminal will only restore your computer’s performance or unblock your data, after you have paid them the ransom money that they demand.

Trojan-Spy
Trojan-Spy programs can spy on how you’re using your computer – for example, by tracking the data you enter via your keyboard, taking screen shots, or getting a list of running applications.

Trojan-Mailfinder
These programs can harvest email addresses from your computer.

TechnoMage (Central FL, USA) | Member | Forum Posts: 22 | Member Since: April 17, 2016 | Post #7 | April 19, 2016 - 11:49 am

Occasionally, I also do a little "Woooops!" by downloading something I thought would be good and safe, only to find it included a whole bunch of 'crapware'.

Of course, I could use my uninstaller to remove the 'crapware', just hoping I'd removed it all, or...

I can shut down the PC, reboot with my Ghost Backup/Restore CD and do a restore of my C: drive, back to my last Ghost backup. Which, if I've followed my own advice, will never be more than a few days old... a week at the most.

I won't lose any recent data files, because I back them up to a 1TB USB 3.0 external HD on a daily basis.

So, getting something on your PC that you don't want, or that is totally corrupt, doesn't have to be a death sentence. You can make it just a minor inconvenience.

Even a complete hard drive CRASH doesn't have to ruin your day, if you have a recent backup of all your stuff. Put in a new drive, do a Ghost restore and you're back in business in just a few minutes.

Being "Old School" myself, I'm still using the last DOS version of Ghost (Ghost 11.5), written back in 2005. It works fast and efficiently and will back up every OS from Windows 98 to Windows 10/64, even Windows Server and Linux, with no problems.

It's no longer supported by Symantec, but, like, who cares. It still works!

Cheers, Mates! Remember... the only bad backup is the one that you didn't make.

TechnoMage

A man with experience is never at the mercy of a man with an argument.